Key TakeawaysInfoblox report: Researchers linked a long-running campaign using fake installers and VPNs to build residential proxy networks.Operation uncovered: Over 230 lookalike domains supported malware…
Key TakeawaysListing Surfaces: A forum actor claims to be selling a "complete database" tied to Universidad de Monterrey.Data Scope: The alleged archive covers student, faculty,…
Key TakeawaysThreat actor: Okta tracks the group as O-UNC-066, also known as "Pink" by Palo Alto Networks Unit 42, behind the campaign.Attack vector: Vishing lures…
Key TakeawaysFriendly Fire exploit: AI coding agents executed malicious code during third-party security reviews via prompt injection attacks.Verified research: AI Now Institute demonstrated remote code…
Key TakeawaysBreach confirmed: AssuranceAmerica confirmed a data breach exposing the personal information and driver's license numbers of roughly 7 million people.Discovery timeline: Hackers were discovered…
Key TakeawaysNordVPN Message Protection launched: New Android feature warns about suspicious SMS scams; works without an active VPN connection.Privacy details limited: NordVPN says messages aren't…
Key TakeawaysBackdoor Warning: China's National Vulnerability Database flagged an alleged "backdoor" in Claude Code versions 2.1.91 through 2.1.196.Data Transmission: The mechanism was said to send…
Key TakeawaysAI coding agents: Sophos found coding assistants trigger endpoint detection rules by performing attacker-like but mostly legitimate actions.Behavioral telemetry: Credential access, PowerShell commands, downloads,…
Key TakeawaysAccenture security breach confirmed: Company confirms an isolated breach after hacker claimed to sell alleged 35GB of stolen data.Claims remain unverified: Accenture did not…
Key TakeawaysCampaign Uncovered: Socket detected 17 malicious npm and PyPI packages typosquatting PaySafe, Skrill, and Neteller SDKs.Rapid Detection: Each npm package shipped versions 1.0.0–1.0.3 and…
Key TakeawaysNew Threat: Cloud AI Infrastructure Attack Framework is a centralized botnet worm targeting cloud-native developer tools.Malware Rivalry: Reports say it kills competitor processes TeamPCP…
Key TakeawaysCISA action: CISA added four actively exploited vulnerabilities to its KEV catalog – CVE-2026-48282, CVE-2026-55255, CVE-2026-48908, and CVE-2026-56290.Products affected: The flaws impact Adobe ColdFusion,…
Key TakeawaysOutage Confirmed: Telstra is investigating a nationwide outage that cut phone services, disrupted wireless payments, and impacted trains.Triple-zero Impacted: Communications Minister confirmed some calls…
Key TakeawaysNordVPN Q2 2026 roundup: Introduces next-gen antivirus, global scam call protection, AI voice detection, and VR VPN support.Verified updates: Official NordVPN announcement confirms new…
Key TakeawaysNew Zealand VPN restrictions: Government officially denies plans to restrict or ban VPNs despite earlier reports and public speculation.Official clarification: Prime Minister and Education…
Key TakeawaysIPVanish Q2 2026 Transparency Report: IPVanish published its Q2 2026 Transparency Report, reaffirming its no-logs policy and privacy commitments.Quarterly request summary: The report details…
Key TakeawaysExpressVPN VPN server expansion: ExpressVPN expanded to 214 selectable server locations across 113 countries, its largest network expansion.More local connection choices: New locations provide…
Key TakeawaysForum listing claimed: A threat actor is advertising a dataset allegedly tied to Accenture on a hacking forum, claiming roughly 35GB of company source…
Key TakeawaysCampaign Window: The phishing campaign ran from early April to mid-May 2026, using a law firm-style email with a password-protected PDF attachment.Token Theft: Attackers…




























